This article is part of our Essential Guide: Essential Guide to dealing with a data breach

Data breach hits Dow Jones

Hackers may have accessed the payment card details of up to 3,500 customers, warns finance publisher Dow Jones

US publishing and financial information firm Dow Jones is the latest high-profile company to admit being hit by a data breach, which security experts say goes hand in hand with fraud.

The firm said the breach is believed to be part of a broader campaign involving a number of other companies, and appeared to target contact information of current and former subscribers.

Dow Jones said payment card information may also have been accessed for fewer than 3,500 customers – but added there is no direct evidence the information was stolen.

Law enforcement officials informed the company of the breach in late July 2015. A subsequent investigation found unauthorised access had taken place between August 2012 and July 2015.

“To date, our extensive review has not uncovered any direct evidence that information was stolen, and we have taken steps to stop the unauthorised access,” Dow Jones chief executive William Lewis said in a letter to customers.

“We devote substantial resources to cyber security and we want to assure you that we are taking additional steps to further fortify our systems,” he said.

Lewis said Dow Jones would send a letter to all those affected by the breach with more information about the support the company is offering.

The company said customers should be on the look out for suspicious emails and avoid calls or emails asking for personal information.

Fraud and data theft

Ken Westin, senior security analyst at Tripwire, said fraud is a key driver of data breaches.“The number of large data breaches we see every day proves the link between these two crimes,” he said.

According to Westin, the rise of underground markets, where hackers and fraudsters engage in commerce with one another, has created a black market economy that generates demand for  personal information.

“The power of the internet continues to strengthen the links between these two types of crimes, allowing both to become more lucrative,” he said.

Westin said personal information is harvested from businesses that collect and store it, but the initial breach is usually just the beginning of a long fraud campaign that could last years.

Read more about data breaches

“All financial services businesses are hot targets for cyber crime and fraud because their customers are more likely to be wealthy, and therefore be more lucrative targets,” he said.

The increasing number of high-profile data breaches is leading to fears that businesses lack the ability to detect cyber crime quickly enough, a recent survey found.

According to the survey, by endpoint protection specialist Bit9 + Carbon Black, consumers in Britain are increasingly concerned there are many data breaches companies have yet to discover.

The researchers surveyed more than 2,000 UK adults and found that high-profile security breaches – such as the leaking of the personal details of around 32 million members of cheating site Ashley Madison – have led to increased fear of data breaches among the public. The survey found 81% of people worry cyber criminals might already have stolen their personal data without anyone noticing.

According to PwC’s Global State of Information Security Survey 2016, UK companies are not yet on top of cyber security incidents or their causes.

Nearly 10% of UK companies do not know how many cyber security attacks they had in the past year and 14% do not know how they happened, the survey revealed.

Data breaches are becoming increasingly common among private companies and government organisations.

In recent months, breaches have been announced by Experian, Excellus BlueCross BlueShield, the Internal Revenue Service (IRS), the Office of Personnel Management (OPM)  and Department of Energy in the US. Elsewhere breaches were reported by Carphone Warehouse in the UK and David Jones in Australia.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

With a breach that small I'm curious if it was an inside data breach. Most data breaches of this type are far larger in scale. The risk for that small of an amount of data was either to show the vulnerably at Dow Jones was there or someone thought a small amount of data as a test may go unnoticed as a glitch.  
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close